Gearset Help Center

Clayton Rule Documentation

Learn everything about our rules, and how to leverage them drive absolute quality in your development team.

Clayton Rules - Common Weakness Enumeration mapping

Clayton Rules - Use native ZIP functions over Zippex

Security best practices

Clayton Rules - Hardcoded secret

Clayton Rules - Passwords set programmatically

Clayton Rules - Avoid Using HTTP Referer Headers

Clayton Rules - Email spamming risk

Insecure sharing to external users

Clayton Rules - Server-side Payload Injection

Clayton Rules - User Registration Without Limits

Clayton Rules - LWC Clickjacking on CSS

Clayton Rules - Import of sensitive fields in Lightning Web Components (LWC)

Clayton Rules - Direct DOM manipulation in Lightning Web Components (LWC)

Clayton Rules - Sensitive information storage

Sensitive information logging

Clayton Rules - Excessive data access permissions

Subresource integrity

Content Security Policy (CSP)

Insecure endpoints

Named credentials

Randomization of cryptographic keys

Use of Session storage and Local storage

Use of Session ID in Visualforce

Missing access restrictions in flows

Coding best practices

Multiple automation on the same object

Multiple record-triggered flows on the same object

Call to blocklisted method

Missing fault path in Flows

Identify methods with global visibility

Asynchronous methods in loops

Boundaries on SOQL statements

Bulkification of triggers

Business logic in triggers

Metadata API recency

Multiple triggers per object

Number of arguments per method

Number of methods per class

Send email in loops

Inefficient Calls to Schema.getGlobalDescribe

Use of spaces in attribute class selectors

Database operations

Non-selective SOQL queries on large objects

Database changes in Flow loop paths

Direct access utility class

Data manipulation utility class

CRUD and Field-Level Security

Exception handling

Data access in loops

Data manipulation in constructors

Transaction control

Flows without description

Description on custom objects

Description on custom fields

How to Adjust the Severity of a Rule in Clayton

Clayton Rules - Hardcoded IDs in code

Clayton Rules - Hardcoded ID (flows)

Clayton Rules - Hardcoded IDs in Configuration

Lightning best practices

Clayton Rules - Inline JavaScript

Clayton Rules - Unsafe JavaScript

Naming conventions

Clayton Rules - Naming conventions on Aura Controller Property

Clayton Rules -Naming conventions on Apex inner classes

Clayton Rules - Naming conventions on Apex triggers

Naming conventions for Apex variables

Naming conventions on Apex methods

Naming conventions on sObjects

Clayton Rules - Naming conventions on sObjects fields

Inactive Workflow Rules

Inactive Workflows

Optimized loading of resources

Unnecessary code detection

Testing best practices

Clayton rules - Identify test coverage cheats

Untested Lightning Web Components

Assertions with comments

Minimum number of assertion

Clayton rules - Test data isolation

Clayton Rules - Untested methods

Clayton Rules - Use of @IsTest annotation

Clayton rules - Use of test data factories

Visualforce best practices

Clayton Rules - Salesforce1 compatibility in Visualforce

Clayton Rules - Visualforce view state optimizatio

Clayton Rules - User friendly messages in Visualforce

Vulnerability protection

Clayton Rules - No autocompletion on password field

Clayton Rules - No insecure cookies

Clayton Rules - Arbitrary Page Redirect

Clayton Rules - Cross-Site Scripting (XSS)

Clayton Rules - Insecure Direct Object References

Clayton Rules - Cross-Site Request Forgery (CSRF)

Maintainability

Clayton Rules - Inactive flows and processes

Clayton Rules - Inactive validation rules

Clayton Rules - Objects with an excessive number of custom fields

Clayton Rules - High complex flows and processes

Clayton Rules - High complex Apex methods

Clayton Rules - High complex Apex files

Clayton Rules - Use of outdated API version for ICU locale

Release readiness

Clayton Rules - Retirement of AccountInsights and OpportunityInsights Settings

Retirement of Streaming API versions

Deprecated methods in URL Class

Deprecated SiteSetting

Changed behaviour on Type.forName

Retirement of Salesforce Functions

Clayton Rules - JsonAccess Annotation

Clayton Rules - Use of deprecated list view resources

Clayton Rules - Use of Retired Workflows and Process Builders

Clayton Missed opportunity: Static SOQL for Data Cloud DMOs

Clayton Rules - Untested Flows

Clayton Missed opportunity: defaultValue and placeholderText modifiers

Clayton Rules - Use of JavaScript in WebLinks

Clayton Rules - Breaking Change in LWC host access

Clayton Rules - Breaking change in LWC import and export statements

Clayton Rules - Breaking change in LWC style access

Clayton Missed opportunity: Null Coalescing Operator